quasar | d969fc2e15743d6d44f477907368f2ebc96cefba20a232861fc7337bfa938d75 | Triage

Submit
Reports

Overview

overview

Static

static

wf4780.exe

windows7-x64

wf4780.exe

windows10-2004-x64

Sharing

General

Target

wf4780.exe
Size

2.8MB
Sample

230507-lcq7csfh8w
MD5

ec4951e9f2b1945815954fec161cf57a
SHA1

8e9e6857a0251a89b9c43b650344fb4f1648fa76
SHA256

d969fc2e15743d6d44f477907368f2ebc96cefba20a232861fc7337bfa938d75
SHA512

596e28d3529be33483589973ac34410f574cd888bda74e1e24afb2a2de107af4e788e2a27648da3c4fe4db4f49184244ce6ccf50f480c95c8d252d541587ad15
SSDEEP

49152:y/Cbs48/vm/XpRDVHFZuAzG5LfvUza32ehyfT36:y/Ob8/vm/XnDVHbs

Score

10^/10

quasar x spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

wf4780.exe

Resource

win7-20230220-en

quasar x spyware trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

wf4780.exe

Resource

win10v2004-20230221-en

quasar x spyware trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

X

C2

45.141.27.208:4780

127.0.0.1:4780

Mutex

d6e77ea9-bff7-4566-b4dd-f1be3c293c5e

Attributes

encryption_key
57F667877C1FCDA6663E2FDAC6FB8CFDE3CEA957
install_name
winx.exe
log_directory
Logs
reconnect_delay
3000
startup_key
winx
subdirectory
sys

Targets

- Target
  
  wf4780.exe
- Size
  
  2.8MB
- MD5
  
  ec4951e9f2b1945815954fec161cf57a
- SHA1
  
  8e9e6857a0251a89b9c43b650344fb4f1648fa76
- SHA256
  
  d969fc2e15743d6d44f477907368f2ebc96cefba20a232861fc7337bfa938d75
- SHA512
  
  596e28d3529be33483589973ac34410f574cd888bda74e1e24afb2a2de107af4e788e2a27648da3c4fe4db4f49184244ce6ccf50f480c95c8d252d541587ad15
- SSDEEP
  
  49152:y/Cbs48/vm/XpRDVHFZuAzG5LfvUza32ehyfT36:y/Ob8/vm/XnDVHbs
Score

10^/10

quasar x spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarxspywaretrojan

behavioral2

quasarxspywaretrojan

© 2018-2024

Terms | Privacy